;made by correy
;Email:leguanyuan@126.com
;QQ:112426112
;rc me.rc
;ml /coff test.asm /link /subsystem:windows me.res
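; Assembler setup and data for the process-listing sample.
; Syntax: MASM (ml /coff), 32-bit flat model, stdcall Win32 API calls.
; Every directive and symbol appears exactly once: a second definition of
; correy / show / lpBuffer / stProcess / hSnapShot is a redefinition error.
.386
.model flat,stdcall
option casemap:none

include windows.inc
include kernel32.inc
include user32.inc
includelib user32.lib
includelib kernel32.lib

.data
correy      db "made by correy",0       ; message box caption
show        db "exefilename is %s ;pid is %8d;thread numbers is %8d",0  ; wsprintf format

.data?
; wsprintf takes no destination length and may write up to 1024 bytes.
; PROCESSENTRY32.szExeFile alone can hold MAX_PATH characters, so the output
; buffer is sized to the wsprintf maximum rather than 256.
lpBuffer    db 1024 dup (?)
stProcess   PROCESSENTRY32 <>           ; filled by Process32First / Process32Next
hSnapShot   dd ?                        ; handle from CreateToolhelp32Snapshot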
.code
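;-----------------------------------------------------------------------
; start - program entry point (no arguments, never returns)
; Takes a Toolhelp32 snapshot of the process list and shows one message
; box per process: executable name, process id and thread count.
; Uses: lpBuffer, stProcess, hSnapShot, show, correy (module data).
;-----------------------------------------------------------------------
start:
    invoke CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,0
    mov hSnapShot,eax
    ; The snapshot call reports failure as INVALID_HANDLE_VALUE, not 0.
    ; Walk and close the snapshot only when a real handle came back.
    .if eax != INVALID_HANDLE_VALUE
        ; dwSize must be set before the first Process32First call.
        mov stProcess.dwSize,sizeof stProcess
        invoke Process32First,hSnapShot,addr stProcess
        .while eax                      ; eax = 0 once no entry is left
            ; wsprintf takes no destination length: lpBuffer must be large
            ; enough for the format text plus the whole szExeFile string.
            invoke wsprintf,addr lpBuffer,addr show,addr stProcess.szExeFile,stProcess.th32ProcessID,stProcess.cntThreads
            invoke MessageBox,0,addr lpBuffer,addr correy,0
            invoke Process32Next,hSnapShot,addr stProcess
        .endw
        ; Close exactly once, after the walk; the handle is not used again.
        invoke CloseHandle,hSnapShot
    .endif
    invoke ExitProcess,NULL
end start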
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;made by correy
;Email:leguanyuan@126.com
;QQ:112426112
;rc me.rc
;ml /coff test.asm /link /subsystem:windows me.res
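; Shows every thread together with the process that owns it.
; Put another way: shows every process id and all the threads inside that process.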
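; Assembler setup and data for the thread-listing sample.
; Syntax: MASM (ml /coff), 32-bit flat model, stdcall Win32 API calls.
; Every directive and symbol appears exactly once: a second definition of
; correy / show / lpBuffer / stthread / hSnapShot is a redefinition error.
.386
.model flat,stdcall
option casemap:none

include windows.inc
include kernel32.inc
include user32.inc
includelib user32.lib
includelib kernel32.lib

.data
correy      db "made by correy",0               ; message box caption
show        db "thread is %8d;pid is %8d",0     ; wsprintf format: thread id, owner pid

.data?
lpBuffer    db 256 dup (?)              ; wsprintf output; the format only prints two integers
stthread    THREADENTRY32 <>            ; filled by Thread32First / Thread32Next
hSnapShot   dd ?                        ; handle from CreateToolhelp32Snapshot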
.code
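;-----------------------------------------------------------------------
; start - program entry point (no arguments, never returns)
; Takes a Toolhelp32 snapshot of all threads in the system and shows one
; message box per thread: thread id and the id of the owning process.
; Uses: lpBuffer, stthread, hSnapShot, show, correy (module data).
;-----------------------------------------------------------------------
start:
    invoke CreateToolhelp32Snapshot,TH32CS_SNAPTHREAD,0
    mov hSnapShot,eax
    ; The snapshot call reports failure as INVALID_HANDLE_VALUE, not 0.
    ; Walk and close the snapshot only when a real handle came back.
    .if eax != INVALID_HANDLE_VALUE
        ; dwSize must be set before the first Thread32First call.
        mov stthread.dwSize,sizeof THREADENTRY32
        invoke Thread32First,hSnapShot,addr stthread
        .while eax                      ; eax = 0 once no entry is left
            invoke wsprintf,addr lpBuffer,addr show,stthread.th32ThreadID,stthread.th32OwnerProcessID
            invoke MessageBox,0,addr lpBuffer,addr correy,0
            invoke Thread32Next,hSnapShot,addr stthread
        .endw
        ; Close exactly once; walking the snapshot again after this point
        ; would use a handle that is no longer valid.
        invoke CloseHandle,hSnapShot
    .endif
    invoke ExitProcess,NULL
end start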
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; Adapted from a program that ships with masm32 v10.
; The relevant API documentation could not be found in Windows' win32.hlp.
; Nothing here was looked up online; it is entirely my own work.
; Corrections for any shortcomings are welcome.
;QQ:112426112
;Email:leguanyuan@126.com
;Homepage:http://correy.webs.com
;ml /coff console.asm /link /subsystem:console
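; Assembler setup and data for the PSAPI process-listing console sample.
; Syntax: MASM (ml /coff), 32-bit flat model, stdcall Win32 API calls.
; Every directive and symbol appears exactly once: defining the same data
; label twice is a redefinition error.
.386
.model flat,stdcall
option casemap:none

include windows.inc
include kernel32.inc
include psapi.inc
includelib kernel32.lib
includelib psapi.lib

.data
; Console messages. The text is written with sizeof, which counts the
; terminating 0 as well.
processnumber           db "某一时刻运行的程序个数(十六进制)为:",0   ; "number of programs running right now (hex):"
noOpenProcess           db "没有用OpenProcess函数打开。",0              ; "not opened by OpenProcess."
noEnumProcessModules    db "没有用EnumProcessModules函数打开。",0       ; "not opened by EnumProcessModules."
space                   db " ",0
entry                   db 13,10,0                                      ; CR LF
outtitle                db "按回车键退出!",0                            ; "press Enter to exit!"
path                    db "程序的完整路径是:",0                        ; "the program's full path is:"
wrong                   db "本办法找不到!",0                            ; "cannot be found by this method!"

.data?
ofn         OPENFILENAME <>             ; not referenced by the code in this listing
buffer      db 4096 dup (?)             ; EnumProcesses output: array of DWORD process ids (1024 max)
bufferl     db 8 dup (?)                ; eight hex digits produced by showeax (no terminator)
named       db 4096 dup (?)             ; module base name / full image path
pbuf        dd ?
breq        dd ?                        ; bytes returned by EnumProcesses, then the pid count
hProcess    dd ?                        ; handle from OpenProcess
hMod        dd ?                        ; first module handle from EnumProcessModules
cbNeeded    dd ?
hstdout     dd ?
hstdin      dd ?
x           dd ?                        ; pid currently being reported; also ReadFile's byte count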
.code
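;-----------------------------------------------------------------------
; showeax - format EAX as eight uppercase hexadecimal digits
; In:    eax = value to format
; Out:   bufferl[0..7] = ASCII hex digits, most significant first
;        (no terminating 0 is written)
; Clobb: flags only; pushad/popad restore every general register
; Note:  written by hand because the author deliberately avoids wsprintf
;        and similar formatting routines.
;-----------------------------------------------------------------------
showeax proc
    pushad
    mov ecx,8                   ; a dword holds eight nibbles
    xor esi,esi                 ; esi = index of the next output character
nextdigit:
    rol eax,4                   ; rotate the next high nibble into bits 0..3
    mov edx,eax
    and edx,0Fh                 ; edx = nibble value 0..15
    .if edx > 9
        add edx,37h             ; 10..15 -> 'A'..'F'
    .else
        add edx,30h             ; 0..9   -> '0'..'9'
    .endif
    mov [bufferl+esi],dl
    inc esi
    dec ecx
    jnz nextdigit               ; after eight rotations eax holds its original value again
    popad
    ret
showeax endp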
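;-----------------------------------------------------------------------
; start - program entry point (no arguments, never returns)
; Prints the number of running processes, then one line per process:
; pid (hex), base module name and full image path, using PSAPI.
; Registers: ebx = byte offset of the current pid inside buffer
;            (ebx survives the stdcall API calls).
; Uses: buffer, bufferl, named, breq, hProcess, hMod, cbNeeded, x, pbuf,
;       hstdin, hstdout and the message strings (module data).
;-----------------------------------------------------------------------
start:
    invoke GetStdHandle,STD_INPUT_HANDLE
    mov hstdin,eax
    invoke GetStdHandle,STD_OUTPUT_HANDLE
    mov hstdout,eax

    ; buffer receives an array of DWORD pids, breq the number of bytes used.
    ; A list longer than the buffer is truncated to what fits.
    invoke EnumProcesses,addr buffer,sizeof buffer,addr breq
    .if eax == 0
        mov breq,0              ; call failed: report zero processes and skip the walk
    .endif
    shr breq,2                  ; bytes -> number of pids
    mov eax,breq
    call showeax
    ; WriteFile needs a valid byte-count pointer when no OVERLAPPED structure
    ; is passed, so pbuf receives the count on every call.
    invoke WriteFile,hstdout,addr processnumber,sizeof processnumber,addr pbuf,0
    invoke WriteFile,hstdout,addr bufferl,8,addr pbuf,0
    invoke WriteFile,hstdout,addr entry,2,addr pbuf,0

    xor ebx,ebx
    ; Testing the count first keeps an empty list from wrapping the counter
    ; and reading past the end of buffer.
    .while breq != 0
        mov eax,dword ptr [buffer+ebx]
        mov x,eax               ; x = pid being reported
        call showeax
        invoke WriteFile,hstdout,addr bufferl,8,addr pbuf,0
        invoke WriteFile,hstdout,addr space,sizeof space,addr pbuf,0

        ; Query-only access: enough to list modules and read their names.
        ; OpenProcess returns 0 when the caller is not granted that access.
        invoke OpenProcess,PROCESS_QUERY_INFORMATION or PROCESS_VM_READ,FALSE,x
        mov hProcess,eax
        .if eax == 0
            invoke WriteFile,hstdout,addr noOpenProcess,sizeof noOpenProcess,addr pbuf,0
            ; No handle for this pid: report "not found" instead of querying
            ; with the handle and module left over from an earlier pid.
            invoke WriteFile,hstdout,addr path,sizeof path,addr pbuf,0
            invoke WriteFile,hstdout,addr wrong,sizeof wrong,addr pbuf,0
        .else
            ; Room for a single HMODULE: only the first module is requested.
            invoke EnumProcessModules,hProcess,addr hMod,sizeof hMod,addr cbNeeded
            .if eax == 0
                invoke WriteFile,hstdout,addr noEnumProcessModules,sizeof noEnumProcessModules,addr pbuf,0
                invoke WriteFile,hstdout,addr path,sizeof path,addr pbuf,0
                invoke WriteFile,hstdout,addr wrong,sizeof wrong,addr pbuf,0
            .else
                ; eax = number of characters copied, 0 on failure. Using it as
                ; the length avoids printing a name left in named by an earlier pid.
                invoke GetModuleBaseName,hProcess,hMod,addr named,MAX_PATH
                .if eax != 0
                    inc eax     ; include the terminating 0, as the sizeof-based writes do
                    invoke WriteFile,hstdout,addr named,eax,addr pbuf,0
                .endif
                invoke WriteFile,hstdout,addr space,2,addr pbuf,0

                invoke WriteFile,hstdout,addr path,sizeof path,addr pbuf,0
                invoke GetModuleFileNameEx,hProcess,hMod,addr named,MAX_PATH
                .if eax == 0
                    invoke WriteFile,hstdout,addr wrong,sizeof wrong,addr pbuf,0
                .else
                    ; eax still holds the path length here; it is not the
                    ; return value of an intervening WriteFile.
                    invoke WriteFile,hstdout,addr named,eax,addr pbuf,0
                .endif
            .endif
            ; One handle is opened per pid; release it before the next one.
            invoke CloseHandle,hProcess
        .endif

        invoke WriteFile,hstdout,addr entry,2,addr pbuf,0
        add ebx,4
        dec breq
    .endw

    ;invoke GetProcessImageFileName   (left disabled by the author)
    invoke WriteFile,hstdout,addr outtitle,sizeof outtitle,addr pbuf,0
    ; Block on console input so the window stays open until Enter is pressed.
    invoke ReadFile,hstdin,addr buffer,sizeof buffer,addr x,0
exit:
    invoke ExitProcess,NULL
end start
;made at 2010.08.27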